Zendesk offers the ability to set separate authentication policies for agents vs end-users. This helps you secure your Zendesk by allowing you to create a more strict authentication policy for agents while still providing easy access to your customers and end-users.
With this functionality, you can...
- Set different password policies for agents vs end-users
- Set different authentication methods for agents vs end-users (e.g. Google sign-in for agents, Zendesk sign-in for end-users)
- Restrict your agents to sign in with only one authentication method that you choose: username + password, Google, or SSO (SAML or JWT)
- You will only be able to select a single authentication mechanism for agents. If you select SSO with IP restrictions, your agents will be allowed to sign in with Zendesk credentials outside of the IP range.
- Enable SSO for only agents, or only end-users, or both
- Note: You will not be able to select different SSO configurations for end-users vs. agents if you select SSO for both.
- You can set up both JWT and SAML, designating the primary SSO mechanism for Zendesk redirection
Security settings that pertain to all users, such as IP restrictions and SSL, can be found under the "Global" tab.
If SSO is enabled only for end-users, they are taken directly to the SSO sign-in page. Agents have to navigate to the /access/normal URL to sign in using their Zendesk account credentials.
If SSO is enabled for agents and not end-users, a link called "I am an Agent" is displayed on the sign-in page. Clicking this link takes the agent directly to the SSO sign-in page.